[CentOS] How can i share my WAN ip to my LAN?

Mon Jan 28 07:45:37 UTC 2008
Tolun ARDAHANLI <tolun.ardahanli at linux.org.tr>

Hi guys;

OK let me explain like this...

We had a problem with our general network administration, and our general
network can't be managed so well (because our IT manager is not so good at
administration of our network). That is why I think that our department's
users must be separated from the general LAN (because our general LAN affected
our working performance). After that we separated our users into another
subnet (192.168.1.xxx).

Right now all of my department's members have joined our server (CentOS 5.1) and
all of them reach the internet through our server... We solved the problem
together, if you read all the mails in this subject...

I think the only problem is that "our members must not reach the server's
internet side IP (192.168.10.13)". Am I right about that?
And the other question is about "how can I stop the ssh service for the
internet side IP (192.168.10.13)"?

I am not a network engineer... I am just a software engineer... I am trying
to do our project on Linux systems... I can't focus so deeply on network
administration... I can only do what you advise... nothing else... because I
can't spend time on that (I want to but I can't)..:(

I hope that I explained it well...;)...

thanks to all...

sincerely yours...



2008/1/25, Alain Spineux <aspineux at gmail.com>:
>
> On Jan 25, 2008 9:37 AM, Tolun ARDAHANLI <tolun.ardahanli at linux.org.tr> wrote:
> > Thank you for all, really, I solved the forward/IP sharing problem...
> >
> > But I see there is another problem with that, like this;
> >
> > This is my network structure now;
> > LAN (there are 3 machines):
> > start ip: 192.168.1.10
> > end ip: 192.168.1.12
> > gateway address of users: 192.168.1.100 (my server's LAN side ip address)
> > LAN side Server ip: 192.168.1.100
> >
> >
> > WAN (this ip comes from behind the switch. The switch is behind the firewall
> > and the firewall is behind the router):
> > WAN side Server ip: 192.168.10.13
> > gateway address of Server: 192.168.10.1
> >
> > And here is the problem, I think;
> > The users from inside (LAN) can reach the server's WAN side
> > ip (192.168.10.13) and they can ping it and they can use services which are
> > for LAN services (like ssh...etc).
> >
> > I agree with pinging from the LAN to the gateway address (192.168.10.1). But I can't
> > agree with pinging the server's WAN address (192.168.10.13). Am I thinking wrong
> > at this point? And the last question is about how I can close/stop services for
> > the WAN side?
>
> I don't understand!
> WHO is (OR CANNOT) pinging 192.168.10.13 or can (OR CANNOT) access the
> service ? LAN or WAN ?
>
>
> >
> > thanks to all of you...
> >
> > sincerely yours...
> >
> >
> >
> >
> >
> >
> >
> > 2008/1/24, Alain Spineux <aspineux at gmail.com>:
> >
> > > On Jan 24, 2008 5:42 AM, Alain Spineux <aspineux at gmail.com> wrote:
> > > > On Jan 23, 2008 9:43 AM, Tolun ARDAHANLI <tolun.ardahanli at linux.org.tr> wrote:
> > > > > Hi again to everyone;
> > > > >
> > > > > Guys, your mails are very nice... I liked all of them...
> > > > >
> > > > > Let me tell you about my system and my need (sorry for writing these late)...
> > > > >
> > > > > I've got an IBM x3650 server which is open 7d/24h. It has got 2 ethernet
> > > > > cards. I would like to connect my LAN to the WAN over this machine...
> > > > >
> > > > > LAN (there are 3 machines):
> > > > > start ip: 192.168.10.10
> > > > > end ip: 192.168.10.12
> > > > > gateway address of users: 192.168.10.13 (my server's LAN side ip address)
> > > > > LAN side Server ip: 192.168.10.13
> > > > >
> > > > > WAN (this ip comes from behind the switch. The switch is behind the firewall
> > > > > and the firewall is behind the router):
> > > > > WAN side Server ip: 10.10.1.223
> > > > > gateway address of Server: 10.10.1.111
> > > > >
> > > > > this is my network chances...:( I can't change them because our company has
> > > > > strong rules for these addresses... I want to share my WAN side ip address
> > > > > to my LAN side...
> > > > >
> > > > > How can I do that on my CentOS installed server?
> > > > >
> > > > > thanks a lot to everybody...
> > > >
> > > > The short way, supposing your wan is secure and your wan interface is eth1:
> > > >
> > > > Disable any firewall rules on your centos,
> > > >
> > > > service iptables stop
> > > > chkconfig iptables off
> > > >
> > > > try these commands, and if this is working put them in your /etc/init.d/rc.local
> > > >
> > > > # enable forwarding of packets between all interfaces
> > > > echo 1 > /proc/sys/net/ipv4/ip_forward
> > > > # config masquerading: any packet leaving eth1 will be masqueraded,
> > > > # taking eth1 address for source address.
> > > > iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> > >
> > > Another interesting way is to set up only routing on your centos, and
> > > add (ask your network manager) the route
> > > of your internal network (I guess 192.168.10.8/29 through
> > > 192.168.10.13) on your firewall and maybe a similar one
> > > on your router if the firewall is not doing NAT.
> > > Then your firewall administrator can control the access to any of your
> > > internal machines or make some of them reachable
> > > from outside if for example you want to have a web server or an email
> > > server (this is not a good idea, but you get the idea).
> > > All of this without changing anything more on your centos router.
> > >
> > > To route packets only, without doing NAT (aka MASQUERADING or HIDE-NAT)
> > > just use
> > > echo 1 > /proc/sys/net/ipv4/ip_forward
> > >
> > > Regards
> > > >
> > > > Regards.
> > > >
> > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > > 2008/1/22, Dennis McLeod <dmcleod at foranyauto.com>:
> > > > > >
> > > > > > > I have an IPCop box set up at work. Using squidguard to keep customers from
> > > > > > > surfing porn while they are in our waiting room. (On a completely separate
> > > > > > > DSL connection..)
> > > > > > >
> > > > > > > I have an Astaro Security Gateway set up at home (on a Dell p3 precision
> > > > > > > 220). Free home license, does FAR more than your typical broadband router. Not
> > > > > > > a small learning curve, though. Wireless is through a D-link DWL-7100 (I
> > > > > > > think) access point in the attic.
> > > > > > > I have a Linksys wrt54g (original version) with openWRT, but it's just there
> > > > > > > for backup.....
> > > > > > >
> > > > > > > Any of the above will accomplish your goal...
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf
> > > > > > > Of Alain Spineux
> > > > > > > Sent: Tuesday, January 22, 2008 6:52 AM
> > > > > > > To: CentOS mailing list
> > > > > > > Subject: Re: [CentOS] How can i share my WAN ip to my LAN?
> > > > > > >
> > > > > > > On Jan 22, 2008 3:17 PM, William L. Maltby <CentOS4Bill at triad.rr.com> wrote:
> > > > > > > > On Tue, 2008-01-22 at 14:49 +0100, Alain Spineux wrote:
> > > > > > > > > On Jan 22, 2008 8:46 AM, Tolun ARDAHANLI <tolun.ardahanli at linux.org.tr> wrote:
> > > > > > > > > > Hi everybody...
> > > > > > > > > >
> > > > > > > > > > How can I share my WAN ip to my LAN? How can I do that, I really
> > > > > > > > > > don't know...:( I am using linux long time ago but this kind I
> > > > > > > > > > would like to do newly...
> > > > > > > > >
> > > > > > > > > Buy a small router/modem, ask your ISP for suggestions.
> > > > > > > > > This is cheap (<100$), no need to keep your computer always turned
> > > > > > > > > on, very easy to configure if you need more features (port
> > > > > > > > > forwarding for skype, games, p2p, ....), has some built-in features
> > > > > > > > > (dhcp, DNS proxy). Also think about wireless ......
> > > > > > > > > This is probably more secure, not because centos/linux is not, but
> > > > > > > > > because you don't know what you are doing.
> > > > > > > > >
> > > > > > > > > Of course this is less fun
> > > > > > > >
> > > > > > > > Well, I wasn't going to suggest, but since the topic of alternatives
> > > > > > > > is open...
> > > > > > >
> > > > > > > :-)
> > > > > > >
> > > > > > > Of course the main idea is to avoid having a non-firewall-dedicated linux
> > > > > > > (like centos is) configured by someone without too much network knowledge
> > > > > > > be in front of the Internet.
> > > > > >
> > > > > > >
> > > > > > > > If you have an older available computer laying around, check out IPCop
> > > > > > > >
> > > > > > > >     http://www.ipcop.org/
> > > > > > > >
> > > > > > > > free, has lots of features, runs reliably, I've been on it for years,
> > > > > > > > as have others on this list. Biggest gripe I have is docs could be a
> > > > > > > > little better - they tend to not get updated to stay up with the software.
> > > > > > >
> > > > > > > >
> > > > > > > > Regards.
> > > > > > > >
> > > > > > > > >
> > > > > > > > > Can anybody help me about IP sharing in Centos?
> > > > > > > > >
> > > > > > > > > thanks alot...
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > Tolun ARDAHANLI
> > > > > > > > > Bilgisayar Muhendisi
> > > > > > > > > E-posta: tolun.ardahanli at linux.org.tr
> > > > > > > > > Icq:326600
> > > > > > > > >
> > > > > > > > >
> > ------------------------------------------------------------------
> > > > > > > > > ----------
> > > > > > > > >
> > > > > > > > > Tolun ARDAHANLI
> > > > > > > > > Computer Engineer
> > > > > > > > > E-mail:tolun.ardahanli at linux.org.tr
> > > > > > > > > Icq:326600
> > > > > > > > ><snip sig stuff>
> > > > > > >
> > > > > > > HTH
> > > > > > > --
> > > > > > > Bill
> > > > > > >
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > CentOS mailing list
> > > > > > > CentOS at centos.org
> > > > > > > http://lists.centos.org/mailman/listinfo/centos
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Alain Spineux
> > > > > > aspineux gmail com
> > > > > > May the sources be with you



-- 
Tolun ARDAHANLI
Computer Engineer
E-mail: tolun.ardahanli at linux.org.tr
Icq: 326600
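
A firewalled variant of the masquerading setup quoted above that covers the two questions in this message (LAN users reaching 192.168.10.13, and ssh on the WAN side), as an added example that is not part of the original thread. It assumes eth0 is the LAN interface and the LAN is 192.168.1.0/24; the thread only names eth1 as WAN, and the function names are made up here.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: eth0 is the LAN interface
# (the reply only names eth1 as WAN) and the LAN is 192.168.1.0/24.
LAN_IF=eth0
WAN_IF=eth1
LAN_NET=192.168.1.0/24
WAN_IP=192.168.10.13

# Print a ruleset in iptables-restore format (hypothetical helper name).
gateway_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN traffic leaving $WAN_IF takes the WAN address as its source
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Linux accepts packets for any local address on any interface, so LAN
# hosts reach $WAN_IP through $LAN_IF unless it is dropped explicitly
-A INPUT -i $LAN_IF -d $WAN_IP -j DROP
# ssh and ping only from the LAN; no rule accepts new traffic on $WAN_IF.
# sshd can also be bound to the LAN address with ListenAddress.
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p icmp --icmp-type echo-request -j ACCEPT
# Forward LAN to WAN; only replies come back in
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Count INPUT rules that accept traffic arriving on the WAN interface.
wan_accept_count() {
    gateway_rules | grep -c -- "^-A INPUT -i $WAN_IF .*-j ACCEPT" || true
}
```

The output of gateway_rules is in the format that /etc/sysconfig/iptables uses on CentOS, so it can be written there and loaded with `service iptables restart`. Forwarding still has to be enabled with the `echo 1 > /proc/sys/net/ipv4/ip_forward` line from the quoted reply.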